We value your privacy

We use cookies to enhance your browsing experience and analyze traffic anonymously for internal statistical purposes. By clicking “Accept all,” you consent to the use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    cookieyes-consent
  • Duration
    1 year
  • Description

    CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about site visitors.

  • Cookie
    _GRECAPTCHA
  • Duration
    180 days
  • Description
    This cookie is used by the Google reCAPTCHA service to protect the site from spam and abuse, distinguishing between real users and bots. It performs a risk analysis by collecting information on browsing behavior and device details, such as mouse movements, keystrokes, and technical data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    language
  • Duration
    1 anno
  • Description

    This cookie is used to store the user's language preference.

  • Cookie
    post_viewed_
  • Duration
    1 ora
  • Description

    This cookie prevents a single visit to an article from being counted multiple times when the page is refreshed.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _ga_*
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to count visitors to the page

  • Cookie
    _ga
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to calculate visitor, session, and campaign data and track site usage for site analytic reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Threats

Cyber attacks: what are the clear signs

Discover the most common cyber attacks and the clear signs of an intrusion in progress to respond quickly and effectively.

Types of cyber attacks

27 May 2025

Table of contents

  • Types of cyber attacks
  • Clear signs of a cyber attack: examples and tools
  • Which of these is a clear sign?

Cyber attacks are an ever-evolving threat that can affect companies, institutions, and individuals alike. No one is truly immune.

The ability to quickly recognize the signs of a cyber intrusion is now essential to minimize damage, protect data, and safeguard digital infrastructure. In this article, we explore the main types of cyber attacks and identify the clear signs that indicate a system has been compromised.

Types of cyber attacks

Cyber attacks take many forms, each with its own methods and objectives. Understanding them is the first step in defending against them.

  • Phishing
    Among the most widespread techniques, phishing uses deception to obtain login credentials or sensitive information. It often appears as an email from a seemingly trustworthy source, complete with official-looking logos and signatures. These messages typically contain malicious links or attachments designed to steal data or install malware.
  • Malware
    Malware includes various forms of malicious software — viruses, worms, trojans — that infiltrate IT systems, compromise files, steal information, or provide unauthorized remote access. It typically spreads via infected email attachments, downloads from untrustworthy websites, or compromised USB devices.
  • Ransomware
    A particularly dangerous form of malware, ransomware encrypts user data and demands a ransom — usually in cryptocurrency — to release the decryption key. Without clean backups, victims may face severe operational and financial consequences.
  • Man-in-the-Middle (MitM) attacks
    In a MitM attack, the hacker silently intercepts communication between two parties to steal or manipulate data. This often occurs on unsecured public Wi-Fi networks or through compromised routers that allow attackers to alter traffic in transit.
  • DoS and DDoS attacks
    Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks aim to make websites or online services unavailable by flooding them with excessive requests. DDoS attacks are usually executed using botnets — networks of infected devices — to intensify the impact and obscure the origin.
  • IP-based attacks
    Using an exposed IP address, cybercriminals can scan ports, attempt brute-force logins, or exploit vulnerabilities to gain unauthorized access. These attacks are often the first step in more complex intrusion strategies.

Clear signs of a cyber attack: examples and tools

Quickly recognizing a cyber attack in progress can be the difference between prompt recovery and a full-scale breach. Below, we’ll explore each clear sign in depth, providing realistic scenarios, practical tips, and code snippets where applicable.

Sudden system slowdowns

A drastic drop in performance can indicate malware consuming CPU or RAM for hidden tasks.

Example
You’re only running a browser, but your CPU usage is over 90%.

Check on Windows (PowerShell):

Get-Process | Sort-Object CPU -Descending | Select-Object -First 10

Check on Linux:

top

# or

ps aux --sort=-%cpu | head

If you see unknown or suspicious processes, run a full malware scan.

Unusual popups and Windows

Spyware or adware may cause popups, even with your browser closed.

Example
Popups urging you to “remove threats” or click to claim a prize.

Technical tip:
Check Startup Programs (Windows):

wmic startup get caption, command

You can also use Autoruns from Microsoft Sysinternals to identify and disable suspicious autostart entries.

  • Unauthorized File Modifications
    Ransomware often encrypts and renames files.

Example
Your .docx files are now .docx.locked or .encrypted.

Python code to detect recent file changes in a folder:

import os, time

path = "C:/Users/YourName/Documents"

before = {f: os.path.getmtime(os.path.join(path, f)) for f in os.listdir(path)}

time.sleep(10)  # wait 10 seconds for this test

after = {f: os.path.getmtime(os.path.join(path, f)) for f in os.listdir(path)}

modified = [f for f in before if before[f] != after.get(f)]

if modified:

    print("Modified files:", modified)

Unusual network traffic

Example
Your system sends data to a suspicious IP (e.g., in another country) over an unfamiliar port.

Check connections on Windows:

netstat -ano | findstr ESTABLISHED

On Linux:

sudo lsof -i -n -P | grep ESTABLISHED

Advanced tools: use Wireshark, tcpdump, or Zeek to monitor traffic in real time and spot data exfiltration.

Antivirus or Firewall disabled

Example
You receive a notification that your antivirus or firewall has been turned off, and you can’t re-enable it. Some malware disables protection to operate undetected.

PowerShell check:

(Get-MpComputerStatus).AntivirusEnabled

(Get-NetFirewallProfile).Enabled
Unknown programs installed

Unknown programs installed

If you find software you didn’t install, it may be part of a remote access toolkit (RAT) or other malicious implant.

Example
A new app appears named update_service.exe that was never installed manually.

List programs (Windows):

Get-WmiObject Win32_Product | Sort-Object Name

On Linux:

dpkg --get-selections | grep -v deinstall
  • Access from unusual locations
    Logins from unusual locations If your accounts are showing logins from unusual geographic locations, they have probably been compromised.

Example
You receive a security alert: “Login from São Paulo, Brazil,” but you’re in New York.

Technical tip:
Enable two-factor authentication (2FA) and monitor account access logs in:

  • Google Account → Security → Recent activity
  • Microsoft 365 → Security center → Login history
  • WordPress → Use plugins like “WP Activity Log”

Emails sent automatically from your account

Example
Friends or coworkers receive strange emails from your address with suspicious links or generic messages.

This means your email account is compromised and used for spamming or malware distribution.

For Gmail Workspace accounts:

  1. Go to Settings → Security → Account Activity
  2. Check for suspicious filters, forwarders, or rules

Ransom demands or lock screens

Example
You boot your computer and see a red screen reading:
“Your files have been encrypted. Pay in Bitcoin to recover them.”

This is a classic ransomware attack. Do not restart or pay the ransom. Disconnect from the network immediately and contact a cyber security professional.

Fake antivirus warnings

Example
A full-screen alert says:
“Warning! Your PC is infected. Download Antivirus Pro 2025 now!”

This is likely rogue security software, attempting to trick you into downloading more malware or making a fraudulent payment.

Which of these is a clear sign?

Not all suspicious behavior points directly to an attack — for example, a slow system could be due to a routine update.

However, unauthorized file changes, disabled antivirus, unexpected installations, and ransom demands are unmistakable indicators of a cyber attack. Taking immediate action can prevent further data loss and service disruption.

Frequently asked questions

  1. What is a cyber attack and who is at risk?
    It’s a malicious action aimed at damaging, stealing, or blocking digital data. Everyone — from individuals to corporations — is at risk.
  2. Are system slowdowns always a sign of an attack?
    Not always, but persistent slowness accompanied by other symptoms deserves investigation.
  3. What should I do if I receive a ransom demand?
    Don’t pay. Disconnect the device from the network, contact a professional, and check for clean backups.
  4. How can I protect against phishing?
    Always verify sender addresses, avoid clicking suspicious links, and use two-factor authentication.
  5. What are the most common threats today?
    Phishing, ransomware, DDoS, spyware, and unauthorized system access.
  6. Can public Wi-Fi expose me to spying?
    Yes. Unsecured networks are easy targets for MitM attacks that intercept your data.
  7. Is free antivirus software enough?
    Usually not. For full protection, a comprehensive security suite is recommended.
  8. How can I tell if my IP is under attack?
    By monitoring network traffic using advanced firewalls or port scanning tools.
  9. Are there visible signs on a hacked website?
    Yes: slow loading times, redirect issues, altered content, or browser warnings.
  10. How important is cyber security training?
    Crucial. Educated users are the first line of defense against cyber threats.
3
To top